
Mobile Device Protocol Sunil Vallamkonda 11/19/2012.

Presentation transcript:

1 Mobile Device Protocol Sunil Vallamkonda 11/19/2012

2 Previous topics Security: AAA RADIUS, IPSec etc. Virtualization Cloud Technologies Contact:

3 Discussion Introduction Concepts Trends Q&A Do not cover: Protocol Specifications Vendor details Certificates

4 Background
Has existed from vendors: MS update, Sicap.
Client-Server based technology. Application protocol.
Brings features such as:
- Updates: remote configuration/provision, backup.
- Monitor: license, troubleshoot and diagnose.
- Accounting: logging and reporting.
- Tracking: GPS and bread-crumb mapping.

5 History

6 Approaches Vendor specific: Smart Message text, NOK-ERIC OTA, etc. OMA groups: CD, inter-op, DM, etc. Models: SaaS, on-site, mixed. BYOD: hybrid employee/corporate mix.

7 Vendors
Apple: APNS
Android: Google C2DM
AirWatch: ActiveSync
BlackBerry: Push
Availability:
- Specs
- APIs
- Implementation
- Reference deployments

8 Vendors (contd)

9 Competition

10 BYOD From a recent AT&T survey: 40% of small business employees use smartphones for work and two-thirds use tablets… BYOD survey (source: Ponemon Institute): 51% of organizations lose data through mobile devices.

11 IPCU

12 Challenges
Centrally manage security: BYOD identity, access rights, privileges, etc.
Scalability: apps, devices, users.
Complexity: policies.
Vendor variances: iOS, Android, ActiveSync, Windows Phone, BlackBerry, etc.
Enterprises: requirements and use-case life cycles; roles, multi-tenants.
Compliance!

13 Process

14 Packet

15 Check-in

16 Pkt Trace

17 Trace (contd)

18 Push Notification Three items must match for a push notification to trigger an MDM response: the Device Token (without which the notification never reaches the device), the Push Magic token (without which the MDM client simply discards the notification), and finally the Subject Name / User ID field of the push notification certificate used to sign the notification, which must match the Topic field in the MDM profile.
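The three-way match described on this slide is something an MDM server can verify before it ever sends a push, so that a stale token or a certificate issued for the wrong topic is caught server-side instead of silently dropped by APNS or by the device. The following Python is an added example, not code from the presentation or from Apple. It assumes the device's TokenUpdate check-in is a plist carrying Token, PushMagic and Topic keys, that the APNS payload is JSON of the form {"mdm": "<PushMagic>"}, and that the push certificate's subject is available as a comma-separated RFC 4514-style string whose UID attribute holds the topic; all sample values are constructed.

```python
"""Pre-flight check of an MDM push against the device's check-in record.

Added example (not from the presentation).  Assumed message shapes:
  - TokenUpdate check-in: plist with Token (data), PushMagic, Topic keys
  - APNS payload sent by the MDM server: JSON {"mdm": "<PushMagic>"}
  - push certificate subject: RFC 4514-style string, topic in UID=
"""
import json
import plistlib

# Constructed sample TokenUpdate check-in message (all values made up).
# The <data> element is base64 of the bytes de ad be ef.
TOKEN_UPDATE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>MessageType</key><string>TokenUpdate</string>
  <key>Topic</key><string>com.apple.mgmt.External.example-topic</string>
  <key>UDID</key><string>00000000-EXAMPLE-UDID</string>
  <key>Token</key><data>3q2+7w==</data>
  <key>PushMagic</key><string>EXAMPLE-PUSH-MAGIC</string>
</dict>
</plist>
"""

# Constructed subject of the APNS push certificate (hypothetical layout);
# the UID attribute is the value that must equal the profile's Topic.
PUSH_CERT_SUBJECT = "UID=com.apple.mgmt.External.example-topic,CN=APSP:example,C=US"


def parse_token_update(plist_bytes):
    """Extract the three values the server must remember for the device."""
    msg = plistlib.loads(plist_bytes)
    if msg.get("MessageType") != "TokenUpdate":
        raise ValueError("not a TokenUpdate message")
    return {
        "token": msg["Token"].hex(),   # plist <data> decodes to bytes
        "push_magic": msg["PushMagic"],
        "topic": msg["Topic"],
    }


def cert_uid(subject):
    """Return the UID attribute of a subject string (no escaped commas assumed)."""
    for part in subject.split(","):
        name, _, value = part.strip().partition("=")
        if name.upper() == "UID":
            return value
    return None


def check_push(record, device_token_hex, payload_json, cert_subject):
    """Return the reasons this push would fail to trigger an MDM response.

    An empty list means all three items from the slide match.
    """
    problems = []
    # 1. Device Token: wrong token means APNS never delivers to this device.
    if device_token_hex.lower() != record["token"]:
        problems.append("DeviceToken: notification would never reach the device")
    # 2. Push Magic: wrong value means the MDM client discards the push.
    payload = json.loads(payload_json)
    if payload.get("mdm") != record["push_magic"]:
        problems.append("PushMagic: MDM client would discard the notification")
    # 3. Topic: certificate UID must equal the Topic in the MDM profile.
    if cert_uid(cert_subject) != record["topic"]:
        problems.append("Topic: certificate UID does not match the MDM profile Topic")
    return problems


def demo():
    """Run the check once with matching inputs and once with a stale PushMagic."""
    record = parse_token_update(TOKEN_UPDATE_PLIST)
    good = check_push(record, "deadbeef",
                      '{"mdm": "EXAMPLE-PUSH-MAGIC"}', PUSH_CERT_SUBJECT)
    bad = check_push(record, "deadbeef",
                     '{"mdm": "stale-magic"}', PUSH_CERT_SUBJECT)
    return good, bad


if __name__ == "__main__":
    ok, failed = demo()
    print("valid push:", ok or "all three items match")
    print("stale PushMagic:", failed)
```

Running the block prints that the well-formed push passes and that the one sent with a PushMagic left over from an earlier TokenUpdate would be discarded by the device; the same function also flags a token mismatch and a certificate whose UID was issued for a different topic, which is the failure that otherwise shows up only as a push that never arrives.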

19 Schema

20 Device-MDM

21 Notif (contd)

22 Command sequence

23 Commands First, the device must make a persistent connection to the APNS server. Then, for every MDM server command:

24 plist

25 iOS MDM commands

26 plist

27 plist response

28 Device Lock

29 iOS security model

30 iOS Keybag

31 Example: File key wrapping (iOS)

32 Sample: Evil Maid attack

33 Specs
For PUSH:
- Apple: gateway.push.apple.com, port 2195
- Devices: TCP port 5223
- MDM port: defined by the MDM profile

34 MDM limitations
- User can terminate the MDM relationship.
- Multi-user model not supported.
- Jailbreak cannot be detected.
- Location service not available.
- App features very minimal.
- Security: command authentication optional; accepts any cert with a trusted root, etc.
- Malware install attacks: push webclip, etc.; DoS attacks.
- Delays, bugs, etc.
- MDM profile issues…

35 References

